Pages

Monday, November 5, 2012

Cyber Security Capabilities Of India

Maintaining cyber
security at the international level is a tedious task.
This is so because cyberspace does not recognises any boundary and
cyber attacks can be launched from any part of the world. While cyber
attacks upon various computer systems and computer resources are
cause of concern yet cyber attacks upon critical infrastructures is
of grave concern.

Fortunately,
Indian government has decided to streamline cyber security of India.
The Indian government is in the process of finalising an elaborate
plan to strengthen India's cyber security capabilities. A national
critical information infrastructure protection centre (NCIPC) of
India has also been proposed by Indian government. It
intends to ensure critical infrastructure protection and critical ICT
infrastructure protection in India.

There are few
prerequisites that can make the NCIPC of India successful. Firstly,
there must be a centralised
ICT command centre of India that can coordinate various
cyber security issues. Secondly, specialised agencies and authorities
must be constituted for critical infrastructure areas like power,
telecom, defense, aviation, etc. These agencies and authorities must
coordinate with the centralised command centre for cyber security
related issues.

Now Indian government is
planning to step up cyber security protection levels, putting in
place real time command-and-control centers and delineating
responsibilities among various agencies.

Among the proposals
are establishment of dedicated command-and-control centers in India
to monitor critical infrastructure in real time, constituting
computer emergency response teams (CERTs) for key sectors such as
power, aviations, etc and formulation of elaborate protocols for all
stakeholders involved in the process of ensuring cyber security in
India.

The Cabinet Committee on Security (CS) may approve in a
few weeks the multi-layered security plans to protect India's
critical infrastructure. The national security advisor (NSA) and the
cabinet secretary are working on the final plan.

There would
be a clear demarcation of responsibilities between Computer Emergency
Response Team-India (CERT-In), National Technical Research
Organisation (NTRO), Intelligence Bureau (IB), Military Intelligence
(MI) and other agencies that have a role in fighting cyber
intrusions. Protocols would be formulated to ensure that there is no
overlap between the functions and obligations of various agencies
fighting cyber attacks against India. The proposed protocol will also
cover department of telecom, department of information technology,
National Informatics Centre etc.

Under the proposal, the
government will also regularly and proactively monitor and scan
critical networks. Not just that, the levels of security for these
networks will also be stepped up. CERT-In may also be creating its
own real time monitoring centre to strengthen it cyber security
initiatives. The responsibility for monitoring critical
infrastructure will be divided between NCIPC and CERT-In. The
government will also set up dedicated CERT for critical sectors such
as power, aviation etc where no such national monitoring mechanism
exists.

This is a good step in the right direction and
Perry4law and PTLB welcome this move. We also hope that with this the
cyber security capabilities of India would be upgraded to the
required levels.